
Patching important servers that require high % uptime

What is the correct terminology for servers that require a larger than normal percentage of “on time”?

For starters I am not a Windows admin, so I am trying to understand counter concerns from a Windows admin on some issues. But I have noticed a lot of our Windows servers are on an unsupported service pack. These seem to be more important servers for critical apps. There is definitely a trend. I am wondering why they may be on an unsupported SP. Does applying an SP take more effort and more down time than normal monthly patches?

What should an admin do when applying an SP to a server that does not have much of a window for down time? Or are there no such servers – every server has a window of opportunity when it can be patched/SP’d.

Do normal patches require reboots?

I was thinking for stuff like banking apps (which doesn’t apply in our case) where users are accessing them 24/7 – what do their admins do when it comes to patching / applying SPs?
5 Solutions
Joseph Daly Commented:
If they are your business critical servers/applications then yes getting downtime may be more difficult than your less critical systems. However patching is a definite necessity not only to ensure top performance but to prevent any security risks from being exploited.

In my environment we make it a point to patch all of our servers when new updates come out. On the critical systems you may need to schedule downtime on a night/weekend when usage will be lower but I would definitely say that you need to do it.

Service packs can take longer than a normal hotfix or update just by the fact that they usually are much larger and contain fixes and enhancements for many parts of the operating system.

Most updates will require a reboot to complete the installation. And I would practically guarantee that any service pack update will require a reboot, if not multiple to complete the installation.

For a service pack update I would probably schedule a few hours of downtime. This may seem like overkill but you want to have some time to make sure that the update is installed and works correctly with the software installed.
It all depends on some details. If by SP you're referring to an OS SP, then it is a definitive yes for the reboot, since it may change very important files from the server OS. But you should check if those servers are on that SP due to some reason other than fault to update; there are some applications that do not work on the latest SP, so check with every vendor/support group for each application.

If the SP is MSSQL it might not need a reboot, but a service restart might be needed. For these I prefer to stop the services myself before applying the SP so it will be faster.

For .NET SPs, it is more likely that you will need to reboot.

Again, check if all your applications support a specific SP before applying it. This could save you a headache, and remember to back up configurations and data!

pma111 Author Commented:
Does taking down the server on which a business critical app depends mean the actual app/website will go down for some time? For example, going back to the banking apps - they are always up, so how are they patching the servers behind?

pma111 Author Commented:
Yeah it was OS SP
pma111 Author Commented:
>>However patching is a definite necessity

Does it make any odds if it's not a web server in DMZ, more a backend DB server in a private network, behind firewall etc.
SPs take more time to install than normal updates, and they always need at least one reboot. This reboot usually also takes some time as parts of the installs finish while rebooting. Many other Windoze updates also require reboots, but not all...

Personally I find a fully patched server more important than having no down-time. But it may be useful to first test the updates and service pack installs on test servers running in a virtualized environment, and after the update have users test the functionality of the important things running on that server. Once it has been verified that it works OK, set a weekend or after hours for server maintenance when you expect the least traffic on the server. Do that well in advance and notify your users about the downtime (you can probably give a certain expected time-frame as you have tested the updates on the virtual systems). You can usually combine these server maintenance days with mechanical maintenance, like cleaning out dust from the servers and making sure every fan etc. is running properly.
Aaron Tomosky, Technology Consultant Commented:
There are tricky things you can do but it becomes OS and application specific. For example, if it's a read only website, you can clone the machine, apply service packs, bring the new machine up and take the old one down with only a few seconds of unavailability.
pma111 Author Commented:
Thanks - this "app" collects data and has login/logout type functions, so probably wouldn't fall into read only
Joseph Daly Commented:
If the app collects login and logout information, I would think that a weekend during nighttime hours would lessen any impact that you may see by doing the updates.

Assuming that your company is not a 24/7 international company it would be a pretty safe bet that many people wouldn't be logging on at 11pm, 2am, etc. if you are really worried about the downtime.
Greg Hejl Commented:
Banks and hosters do this by designing redundancy into the system.

For instance - I have a shared hosting platform of 8 webservers, clustered file and DB servers.

Before we did this each system had to come down for updates. Now we just take a system offline, do the updates, and put it back in the server farm - no downtime.

Applying a service pack will go much faster if you put the SP files on a CD/DVD or local drive - downloading an SP from MS can take quite a while.
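
The rolling approach described in the answer above, sketched as an added example that is not part of the original thread: one node at a time is drained, updated, health-checked and returned to the farm, and the run stops if a node fails its check or if draining another node would drop below a capacity floor. The node names, the `apply_update` and `health_check` hooks and the `min_in_service` threshold are hypothetical stand-ins for whatever load balancer and patch tooling is actually in use.

```python
from dataclasses import dataclass, field
from typing import Callable, List

@dataclass
class Node:
    name: str
    in_service: bool = True
    patched: bool = False

@dataclass
class RollingResult:
    patched: List[str] = field(default_factory=list)
    quarantined: List[str] = field(default_factory=list)
    lowest_in_service: int = 0
    aborted: bool = False

def rolling_patch(farm: List[Node],
                  apply_update: Callable[[Node], None],
                  health_check: Callable[[Node], bool],
                  min_in_service: int) -> RollingResult:
    """Patch one node at a time without dropping below min_in_service."""
    result = RollingResult(lowest_in_service=sum(n.in_service for n in farm))
    for node in farm:
        serving = sum(n.in_service for n in farm)
        if serving - 1 < min_in_service:
            result.aborted = True      # no spare capacity to drain another node
            break
        node.in_service = False        # drain: stop sending traffic to this node
        result.lowest_in_service = min(result.lowest_in_service, serving - 1)
        apply_update(node)             # hypothetical hook: install SP/updates, reboot
        if health_check(node):         # hypothetical hook: app-level smoke test
            node.patched = True
            node.in_service = True     # return the node to the farm
            result.patched.append(node.name)
        else:
            # Leave the failed node out of rotation and stop, so the
            # remaining unpatched nodes keep serving users.
            result.quarantined.append(node.name)
            result.aborted = True
            break
    return result

def demo(bad=frozenset({"web05"}), floor=6):
    # Constructed sample: 8 web servers, one of which fails after patching.
    farm = [Node(f"web{i:02d}") for i in range(1, 9)]
    result = rolling_patch(farm, lambda n: None,
                           lambda n: n.name not in bad, floor)
    return result, farm

if __name__ == "__main__":
    print(demo()[0])
```
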
